AWS re:Inforce 2022 - AWS Identity and Access Management (IAM) deep dive (IAM301)

Рет қаралды 37,222

AWS Events

Күн бұрын

Пікірлер: 23

@peterrayson4397 4 ай бұрын

Best description I've seen of IAM. Lens of control plane - data plane is key!

@mikeyinger4204 Жыл бұрын

Brilliant use of 'e' to tee up expectations for the session. I've been cutting and trying IAM and stopped here to get a deeper understanding and you delivered much appreciated insight.

@faadi4536 Жыл бұрын

This is the first time I've tried to understand what happens when an API call is made to a resource. How granular control we have over who gets what. Presentation was good and it gave a deep insight to where we need to strict the policies and where to not. Kudos Sister.

@SafetyDelivered Жыл бұрын

I an such a fan of presentations u get all excited just helping others understand when I tell someone about aws I get all enthusiastic teaching new players how we game lol be nice to work with you personally knowing how much anyone could take and run with and if there passionate like us possible outcomes are truly limiless

@saltdomeguy Жыл бұрын

Extremely smart talk! Interesting about the Control and Data Planes. Seldom discussed in AWS especially as pertaining to IAM. Great discussion S3 permissions, which I was recently asked during an interview. Thanks Becky!

@StefanoBorini 4 ай бұрын

got it. AWS is like Italian red tape.

@chrisadams27 Жыл бұрын

Becky is the greatest!

@maa1dz1333q2eqER 8 ай бұрын

Good talk, thanks!!!

@thorsteinssonh 7 ай бұрын

lol yup differential of exp(x) is itself -- maybe IAM is just as natural, a feature of nature - natural access management :D Like the explanation of the vision behind IAM, the resilience, availability and caching behind it.

@michaeljernigan9800 2 жыл бұрын

Good stuff, but the guy helping people find a seat was super distracting.

@lmbangel 2 жыл бұрын

Exactly !! it was annoying, I can imagine it was distracting to her as well.

@shoobidyboop8634 Жыл бұрын

They should hire much shorter people for that job.

@learnpuresecurity Жыл бұрын

need to do everything before class starts .. but difficult to control the mind

@gilbertsenyonjo963 4 ай бұрын

I also didnt know that e thing

@val_ezresponse Жыл бұрын

wish the chubby guy would just sit down and stop blocking the camera

@nisargjhatakia5844 3 ай бұрын

I am directly going to skip till 3:02

@learnpuresecurity Жыл бұрын

I did not understand how the SCP at kzbin.info/www/bejne/j37NZGaKpLhrmas has a Condition with String not equal to the resourceorg id. We not want anyone to put any object to our org so shouldnt that be stringequal instead of not equal ?

@MyLife-uc5wy Жыл бұрын

Hi @gauravrai1205, Original Answer If you see the action = deny, so if the orgid does not match "o-a1b2c3", then deny. Which mean only allow "o-a1b2c3". I would like someone to correct me if I am wrong, would highly appreciate it. Thanks! Edited: I realised 2 hrs later :) , implicit deny will not allow, hence Gaurav's question remains unanswered.

@programming6881 10 ай бұрын

I think boundry policies are meant to filter out. This does not mean you allow.

@gilbertsenyonjo963 3 ай бұрын

The Effect is DENY. If the resource id is not equal the organization's resource id, deny the request. Also, the video url at that time is kzbin.info/www/bejne/j37NZGaKpLhrmas